Hi
We have implemented Aptilo platform and would like to get help on the settings for sending syslog to our SIEM:
Aptilo AC
Aptilo CORE 5 - Linux ac1.wificiutada.intra 2.6.18-274.12.1.el5 #1 SMP Tue Nov 29 13:37:35 EST 2011 i686 i686 i386 GNU/Linux
Aptilo Access Controller Version 9.1 Build 2286
From Aptilo we want to send syslog to a remote SIEM server. How do we do it? The /etc/syslog.conf file:
#kern.* /dev/console
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
local0.=debug -/var/log/apc_debug
local0.=notice -/var/log/apc_notice
local0.=info /var/log/apc_info
local0.=warning /var/log/apc_warning
local0.=err /var/log/apc_error
local0.=crit /var/log/apc_critical
authpriv.* /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
Security events. What?
According to your experience, and taking security into account, which events would contribute something and which should we watch or monitor on the Aptilo platform?
Is there a protocol for this type of device, or a Log Source Type that we should use for the correct settings?
Regards and thanks,
Diego C
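The host above is CentOS/RHEL 5 with the classic sysklogd, so forwarding is a matter of adding an action whose target is `@host` to /etc/syslog.conf. The fragment below is an added example, not from the original post or from Aptilo; the SIEM hostname `siem.example.intra` is a placeholder, and the choice of selectors assumes the existing `local0.*` rules are the Aptilo Access Controller's own log facility.

```conf
# --- add to /etc/syslog.conf on the Aptilo AC (sysklogd, RHEL/CentOS 5) ---
# Keep the existing local file rules; this only adds a second copy sent to the SIEM.
# sysklogd forwards over plain UDP to port 514; the "@host" form cannot carry a port
# or TLS. If rsyslog is installed instead, the same selector works with "@@host" for TCP.

# Aptilo AC application events (the local0 facility the existing rules already split
# into apc_debug / apc_notice / apc_info / ...). Debug is left out to limit volume.
local0.info                         @siem.example.intra

# Host-level security events: logins, sudo, SSH (authpriv), scheduled jobs (cron),
# and anything from the kernel or other services at warning level or above.
authpriv.*;cron.*;*.warning         @siem.example.intra

# --- then, as root ---
#   service syslog restart
#   logger -p local0.notice "aptilo-ac: syslog forwarding test"
#   logger -p authpriv.info "aptilo-ac: authpriv forwarding test"
# and confirm both lines arrive in the SIEM before relying on the feed.
```

For a SIEM log source definition, the forwarded messages are standard BSD syslog (RFC 3164) with a plain-text payload, so a generic "Linux syslog" source type is the usual starting point; the local0 lines will need parsing rules written for the Aptilo AC format once a sample has been collected.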